We study intrusion response in access control systems as a resource allocation problem, and address it within a decision and control framework. By modeling the interaction between malicious attacker(s) and the intrusion detection system (IDS) as a noncooperative non-zero sum game, we develop an algorithm for optimal allocation of the system administrator's time available for responding to attacks, which is treated as a scarce resource. This algorithm, referred to as the Automatic or Administrator Response (AOAR) algorithm, applies neural network and LP optimization tools. Finally, we implement an IDS prototype in MATLAB based on a game theoretical framework, and demonstrate its operation under various scenarios with and without the AOAR algorithm. Our approach and the theory developed are general and can be applied to a variety of IDSs and computer networks.
И. А. Чуб, M. V. Novozhylova, Y. V. Mikhailovskaya, Roman Gudak